Password-Cracking Techniques Popular culture would have us believe that cracking password is a simple as running some software and tapping a few buttons. The reality is that special techniques are needed to recover passwords. For the most part, we can break these techniques into categories; let’s take a high-level look at them now.
Dictionary Attacks An attack of this type takes the form of a password-cracking application that has a dictionary file loaded into it. The dictionary file is a text file that contains a list of known words up to and including the entire dictionary. The application uses this list to test different words in an attempt to recover the password. Systems that use passphrase typically are not vulnerable to this type of attack.
Brute-Force Attacks In this type of attack, every possible combination of characters is attempted until the correct one is uncovered. According to RSA labs, “Exhaustive key search, or brute-force search, is the basic technique for trying every possible key in turn until the correct key is identified.”
Hybrid Attack This form of password attack builds on the dictionary attack but with additional steps as part of the process. In most cases, this means passwords that are tried during a dictionary attack are modified with the additional and substitution of special characters and numbers, such as P@ssw0rd instead of Password.
Syllable Attack This type of attack is a combination of a brute-force attack and a dictionary attack. It is useful when the password a user has chosen is not a standard word or phrase.
Rule-Based Attack this could be considered an advanced attack. It assumes that the user has created a password using information the attacker has some knowledge of ahead of time, such as phrases and digits the user may have a tendency to use.
Passive Online Attacks Attacks in this category are carried out simply by sitting back and listening—in this case, via technology, in the form of sniffing tools such as Wireshark, man-in-the-middle attacks, or replay attacks.
Active Online Attacks The attacks in this category are more aggressive than passive attacks because the process requires deeper engagement with the targets. Attackers using this approach are targeting a victim with the intention of breaking a password. In cases of weak or poor passwords, active attacks are very effective. Forms of this attack include password guessing, Trojan/spyware/keyloggers, hash injection, and phishing.
Offlien Attacks This type of attack is designed to prey on the weaknesses not of passwords but of the way they are stored. Because passwords must be stored in some format, an attacker seeks to obtain them where they are stored by exploiting poor security or weaknesses inherent in a system. If these credentials happen to be stored in a plaintext or unencrypted format, the attacker will go after this file and gain the credentials happen to be stored in a plaintext or unencrypted format, the attacker will go after this file and gain the credentials. Forms of this attack include precomputed hashes, distributed network attacks, and rainbow attacks.
Nontechnical Attacks Also known as non-electronic attacks, these moves the process offline into the real world. A characteristic of this attack is that it does not require any technical knowledge and instead relies on theft, deception, and other means. Forms of this attack include shoulder surfing, social engineering, and dumpster diving.